Author: Karmoko Sillah

 

To:Prof. Ellis

From:Karmoko Sillah

Date:10/16/2019

Subject: According to the oxford dictionary, Malware is defined as “Programs written with the intent of being disruptive or damaging to (the user of) a computer or other electronic device; viruses, worms, spyware, etc., collectively” (“malware”, 2019.)

Reference: Firmware, n. (2019) In Oxford English Dictionary Online. Retrieved from https://www-oed-com.citytech.ezproxy.cuny.edu/view/Entry/267413?redirectedFrom=malware#eid

Introduction

This paper will thoroughly examine and evaluate the term “malware” which is an integral part of the new age of technology. Malware is one of the biggest and original attacks that have been used for years by hackers in order to compromise systems. This paper will look into its origins. Dialogues pertaining to the topic of malware, and among other interesting things. I will be using various articles, books, and dialogues that I have found in order to dive deep into the term malware.

Definition

As generally defined by Kramer, “Intuitively, malware is software that harmfully attacks other software…Logically speaking, a harmful attack on a software system is nothing else than the falsification of a necessary condition for the correctness of that system. Hence, pieces of malware are falsifiers of the correctness hypothesis made de facto by the shipment of the software system”(Kramer, 2019). This definition given by Kramer, offers the definition that malware is an attack on computing systems through which falsified data is sent to systems in order to compromise individuals and exploit their vulnerable systems. Another definition given by Damshenas of malware is as stated, “Malware is a general term, which stands for malicious software and has many shapes (codes, scripts, active content and others). It has been designed to achieve some targets such as, collecting sensitive data, accessing private computer systems, even sometimes harming the systems“ (Damshenas, 2013). This author dives deeper into the definition of malware, where he says that malware takes on many different shapes . It’s not always just codes that are used to compromise a system, but scripts are used, ads, content, etc. This is why it is so hard to detect because there isn’t a single attack mechanism that is used in malware, it takes on various attacks. Similar to Kramer’s definition, this author also states that malware is used to cause intentional harm to a computer system for the purpose of accessing unauthorized information. The third definition given by Britannica’s book “From privacy to piracy” states, “Malware, or “ mal icious soft ware ,” is any kind of malicious computer program, such as a virus, trojan, spyware, or worm. Malware typically infects a personal computer (PC) through e-mail, Web sites, or attached hardware devices” (Britannica, 2011). The authors of this book define malware as being a code of malice which can be used as many different forms of attacks which are then injected into a person’s computer using false emails and sites. This definition is also similar to the ones prior to it , where it too defines malware as an intended attack towards another individual using different techniques . These authors don’t really differ in their definition of malware, some offer a more in-depth definition than the other, but they all lean towards the same denotation of the word “malware”.

Context

As technology continues to evolve so will the threat of malware. According to Mohd Fazal Ab Razak, “With the availability of new technologies, malware authors are able to use novel approaches to hide detection. This has led to the many studies which are conducted to explore the malware do- main… Verizon reported that around 170 million of malware events occur across organizations, with the frequency of five malware occurring every one (1) second” (Razak, 2016). As technology continues to advance and evolve, the opportunities for hackers to perform malicious attacks becomes greater and greater. They are using these new technological tools to hide detection and secretly perform malicious attacks on individuals without them realizing it. A newspaper article from the New York Times states that individuals stole millions of dollars from various banks using malware. David E. Sanger and Nicole Perlroth stated, “The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move… the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries” (Sanger & Perloth, 2016). Individuals from russia impersonated bank officers through which they sent malware to bank computers which in turn allowed for them to study banks actions and routines. From being able to access this, they then started secretly stealing money from 100’s in various countries. They were doing this for a very long period of time before inevitably being caught. This is a perfect case of malware attacks being carried out to perform heinous criminal acts against individuals in this case multiple institutions. Hackers are finding efficient ways to avoid detection and perform harmful attacks such as this one in order to afflict as much damage as they can to a system. In another instance, a popular database server known as MySql was hacked using malware. According to virus bulletin, “This is what happened to mysql.com: the website was modified to include a small JavaScript file hosted on the same server. This file generated an iframe which contained a URL that redirected to another URL. This final URL contained the ‘BlackHole’ exploit pack” (Bulletin, 2019). During 2011 famous software service “MySql” was hacked using an injected malware file in the form of an image which would then send the user to another URL, and this is where the damage started. They were able to infect the iFrame by exploiting vulnerabilities in plug-ins and javascript that were outdated. This is the exact reason why ensuring that these two things are always up to date, because you could leave yourself vulnerable to a malware attack. In another situation, international hackers injected malware into the computers of government officials who weren’t given the proper security training, and left themselves vulnerable to attack. According to Josh Halliday, “Victims’ computers were infected when they opened a cleverly disguised Adobe PDF attachment to an email. The document would be tailored specifically to its target, according to the researchers, as unsuspecting government victims are more likely to open an attachment that mentioned foreign policy, a human rights seminar, or Nato membership plans” (Halliday, 2011).  This is another example that is similar to the previous examples of malware, where international hackers injected malicious malware into the form of PDF documents which looked legit and official. When these government officials received these emails including the PDF links, they clicked on them and left their computers exposed to these attackers. This malware attack is actually one of the first malware attacks created. Although there was no discovery as to what was targeted, nonetheless valuable governmental information was exposed, and usually these attacks are done just for the fun of it.

Working Definition

In conclusion, with all the definitions and examples of malware that could be found throughout various sources and cites I have generated a working definition of the term after doing much research. Malware can be defined as a malicious software program, that can be injected into a system via email, pdf, etc, using various techniques such as coding, scripting, phishing, etc which in turn falsifies itself as a reliable entity, and when it is trusted by an end-user and opened it can then spread throughout a system compromising it, and leaving valuable information exposed to an outside entity. Malware is only growing more and more as technological advancements continue to grow. Finding a stop to malware has become more and more of a challenge due to the advancement of technology and the tools that come with it which are available to hackers for use.

References

1.Kramer, Simon, and Julian C. Bradfield. “A General Definition of Malware.” SpringerLink, Springer-Verlag, 29 Sept. 2009, https://link.springer.com/article/10.1007/s11416-009-0137-1.

2.Damshenas, M., Dehghantanha, A., & Mahmoud, R. (2013). A survey on malware propagation, analysis, and detection. International Journal of Cyber-Security and Digital Forensics, 2(4), 10+. Retrieved from https://link-gale-com.citytech.ezproxy.cuny.edu/apps/doc/A359172420/AONE?u=cuny_nytc&sid=AONE&xid=906ba4aa

3.Britannica, Educational Publishing Staff. Issues in Cyberspace : From Privacy to Piracy, edited by Robert Curley, Rosen Publishing Group, 2011. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/citytech-ebooks/detail.action?docID=798344.

Created from citytech-ebooks on 2019-10-10 14:42:38.

4.Razak, M., Anuar, N., Salleh, R., & Firdaus, A. (2016). The rise of “malware”: Bibliometric analysis of malware study. Journal of Network and Computer Applications, 75(C), 58-76.

5.Sanger, D. E., & Perlroth, N. (2015, February 14). Bank Hackers Steal Millions via Malware. Retrieved from https://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html.

6.Bulletin, V. (n.d.). Mysql.com hacked, serving malware. Retrieved October 12, 2019, from https://www.virusbulletin.com/blog/2011/09/mysql-com-hacked-serving-malware/.

7.Halliday, J. (2011, February 27). Hackers attack European governments using ‘MiniDuke’ malware. Retrieved October 13, 2019, from https://www.theguardian.com/technology/2013/feb/27/hackers-attack-european-governments-miniduke.